Analysis

  • max time kernel
    168s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 01:41

General

  • Target

    82fe113744575be4819be811427615867765773a4e22bdcebe9a232680815427.exe

  • Size

    286KB

  • MD5

    b19687d5d2b1abb22d6c01be18c97830

  • SHA1

    eb9eea88999484a3386015103fe73bf45014db98

  • SHA256

    82fe113744575be4819be811427615867765773a4e22bdcebe9a232680815427

  • SHA512

    3ad332a12562ac2fc99d8f1b3a9d6c48f1bdb4c60f41ee7bc543049e03559ec11db367b001d847509fba936467b3bc21f041b34ce7d2a5b1141d01ac2e0b5a03

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 53 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82fe113744575be4819be811427615867765773a4e22bdcebe9a232680815427.exe
    "C:\Users\Admin\AppData\Local\Temp\82fe113744575be4819be811427615867765773a4e22bdcebe9a232680815427.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    PID:3800

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads